requiring .desktop files to be executable ?

Michael Pyne mpyne at purinchu.net
Sun Feb 22 06:20:44 GMT 2009


On Sunday 22 February 2009, Roland Harnau wrote:
> 2009/2/11 Alexander Neundorf <neundorf at kde.org>:
> > here's an article and comments about potential security problems
> > with "executing" .desktop files although they are not executable:
> > http://lwn.net/Articles/318755/
>
> Perhaps I'm a bit late, but I think the whole idea is rather dubious.
> A .desktop file is executable if and only if it contains a (vaild)
> Exec key, and according to the Desktop Entry Specification this key is
> not required (e.g. .desktop files for Plasmoids do not contain them).
> They simply don't fit in the classical UNIX permission scheme.

The subset of .desktop files with a valid Exec= key on the other hand 
certainly should fit within that scheme however.

Regards,
 - Michael Pyne
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20090222/88d28a69/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20090222/88d28a69/attachment.sig>


More information about the kde-core-devel mailing list